New Attack Vector: ADFS and Office.com Exploited for Microsoft 365 Credential Theft
A new phishing campaign is drawing attention in the security community. It targets Microsoft 365 users by exploiting Microsoft's own Active Directory Federation Services (ADFS). What makes this attack particularly dangerous is that it uses legitimate office.com links as part of the lure, giving victims a false sense of security before redirecting them to attacker-controlled login pages.

How the Attack Works

Researchers at Push Security uncovered this campaign and describe it as a significant evolution in phishing technique. Instead of relying on suspicious emails or obviously fake websites, the attackers use malvertising: malicious sponsored ads placed on search engines.

For example, a user searching for "Office 365" may see a sponsored result that looks completely legitimate. Clicking it takes them to a genuine outlook.office.com URL. That URL, however, is carefully crafted so that Microsoft's own sign-in flow redirects the user to a destination the attackers control. The key lies in abusing ADFS, which normally provides single sign-...
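The lure depends on a genuine Microsoft URL whose query string steers the sign-in flow toward an attacker-controlled realm, so a useful defensive check is to triage office.com links (from proxy logs, mail gateways or ad click-through data) for query parameters that name a domain the organization does not federate with. The following is an added example written for this article, not code from Push Security or from the article itself. It assumes the redirect is driven by a home-realm parameter in the query string (the `whr` home realm discovery parameter used by Microsoft sign-in; the article does not name the parameter), and the trusted realm list and all sample URLs are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qsl

# Microsoft-owned hosts that a legitimate-looking lure would use (assumption: list is illustrative).
MICROSOFT_HOSTS = {"outlook.office.com", "office.com", "www.office.com",
                   "login.microsoftonline.com"}

# Domains this organization actually federates through. Hypothetical values;
# replace with the federated domains registered in your tenant.
TRUSTED_REALMS = {"example.com"}

# Matches a bare hostname ("sso.example.com") or a full URL ("https://sso.example.com/adfs/ls/")
# and captures the hostname. Heuristic: any dotted value is treated as a possible realm.
HOSTNAME_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)


def is_trusted_realm(domain: str) -> bool:
    """True if the domain is one of our federated domains or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_REALMS)


def realm_candidates(url: str) -> list[tuple[str, str]]:
    """Return (parameter, hostname) pairs for every query parameter whose value
    looks like a domain or URL, e.g. the whr home-realm parameter (assumed mechanism)."""
    query = urlparse(url).query
    found = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        m = HOSTNAME_RE.match(value.strip())
        if m:
            found.append((key, m.group(1).lower()))
    return found


def triage(url: str) -> str:
    """Classify a clicked URL.

    'not-microsoft'            - host is not a Microsoft sign-in/Office host; out of scope here
    'clean'                    - Microsoft host, no foreign realm in the query string
    'suspicious:<param>=<dom>' - Microsoft host whose query names a realm we do not federate with
    """
    host = (urlparse(url).hostname or "").lower()
    if host not in MICROSOFT_HOSTS and not host.endswith(".office.com"):
        return "not-microsoft"
    for param, domain in realm_candidates(url):
        if not is_trusted_realm(domain):
            return f"suspicious:{param}={domain}"
    return "clean"


if __name__ == "__main__":
    # Constructed sample click-through URLs; .test is a reserved TLD, so nothing here resolves.
    samples = [
        "https://outlook.office.com/mail/",
        "https://outlook.office.com/owa/?whr=sso.example.com",
        "https://outlook.office.com/owa/?whr=sso.login-portal.test",
        "https://outlook.office.com/?whr=https://adfs.login-portal.test/adfs/ls/&lang=en-US",
        "https://login-portal.test/office",
    ]
    for s in samples:
        print(f"{triage(s):45s} {s}")
```

The point of the check is that the hostname alone is not a safe signal: all but the last sample sit on a real Microsoft host, and only the query string distinguishes a normal link from one that will hand the user to a foreign federation endpoint. The hostname heuristic is deliberately loose and will occasionally flag a dotted non-domain value, which is acceptable for triage but should be tightened (or restricted to known realm parameters) before it drives automated blocking.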